Wednesday, February 20, 2013

What's new in this round? For starters, from now on you will find both the stable and unstable releases on the Google CDN. We're highly confident about the stability of angular's 1.1.x branch from here, and want to make it easy for developers to start using the new features, many of which are already in use by our own Google-developed apps.

Worth noting, in both 1.0.5 and 1.1.3: $compile now sanitizes values bound to <a href="{{expression}}"> for improved security, and also includes a fix for a memory leak when a template contains empty top level text nodes (see change notes 9532234b and 791804bd).

The unstable branch 1.1.3 radioactive-gargle includes all the bug fixes from 1.0.5 flatulent-propulsion, plus some new features to try out in your code. In particular, in 1.1.3 we've introduced promises on $resource. For docs on features exclusive to 1.1.3, check out the 1.1.3 repository.

Special white hat thanks to Zach Jones for reporting the security deficiency addressed in this release. We've also created a new contact address, security@angularjs.org, where you can email us to report any potential security issues in AngularJS in the future. We've built AngularJS to be secure by default (and went through a through security review at Google to prove it), so even though the security issue is not a critical one and is better addressed on the server-side, we added an extra layer of sanitization into our data-binding layer so that Angular developers have one less thing to worry about.